Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-41734 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information.
network
low complexity
sap CWE-862
4.3
2024-08-13 CVE-2024-42373 Missing Authorization vulnerability in SAP Student Life Cycle Management
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges.
network
low complexity
sap CWE-862
5.4
2024-08-13 CVE-2024-28166 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap
4.3
2024-08-13 CVE-2024-33003 Unspecified vulnerability in SAP Commerce Cloud
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters.
network
low complexity
sap
critical
9.1
2024-08-13 CVE-2024-33005 Missing Authorization vulnerability in SAP products
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions.
local
low complexity
sap CWE-862
6.3
2024-08-13 CVE-2024-41730 Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint.
network
low complexity
sap CWE-862
critical
9.8
2024-08-13 CVE-2024-41731 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap
4.3
2024-08-13 CVE-2024-41732 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls.
network
low complexity
sap
5.4
2024-08-13 CVE-2024-41733 Unspecified vulnerability in SAP Commerce Comcloud2211/Hycom2205
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes.
network
low complexity
sap
5.3
2024-08-13 CVE-2024-41735 Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.
network
low complexity
sap CWE-79
5.4